"But since the limit is not yet reached so WhatsApp allows to go on inserting. So it crashes while we type and send and in mobile too when it [the mobile app] receives it overflows the buffer and it crashes."

"It works perfectly well in the above," he said. "I have tested in iPhone too but in iPhone it fails to crash."

While WhatsApp does not crash on the iPhone, it does freeze for a few seconds, according to Bhuyan.

"There are more than 1 billion Android users who use WhatsApp, which means this flaw could affect 1 billion+ users."

Last year WhatsApp was forced to address a different app-crashing security flaw brought to light by Bhuyan and his friend Sourav Kar.

"We showed how a 2000 word message in special character set can crash WhatsApp Messenger app," he wrote. "The main impact of the vulnerability was that the user who received the specially crafted message had to delete his/her whole conversation and start a fresh chat, because opening the message keeps on crashing WhatsApp unless the chat is deleted completely.

A screenshot of the fake email.
Comodo
"The exploit risked more than 500 million users worldwide. We reported the flaw and it was fixed in the next update."

In a separate security issue brought to light this week, WhatsApp users are being spammed with a new malware attack, according to security firm Comodo, which wrote about the malware in this blog post.

The malware is being sent to WhatsApp users through official-looking emails claiming to be from WhatsApp itself. The emails state that the user has a missed call, audio recording or notification and the malware infects the user's PC when the attachment is opened.